Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Google Security

Motorola Confirms That It Will Not Commit To Monthly Security Patches (arstechnica.com) 162

If you are planning to purchase the Moto Z or a Moto G4 smartphone, be prepared to not see security updates rolling out to your phone every month -- and in a timely fashion. After Ars Technica called out Motorola's security policy as "unacceptable" and "insecure," in a recent review, the company tried to handle the PR disaster, but later folded. In a statement to the publication, the company said: Motorola understands that keeping phones up to date with Android security patches is important to our customers. We strive to push security patches as quickly as possible. However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade. As we previously stated, Moto Z Droid Edition will receive Android Security Bulletins. Moto G4 will also receive them.Monthy security updates -- or the lack thereof -- remains one of the concerning issues that plagues the vast majority of Android devices. Unless it's a high-end smartphone, it is often rare to see the smartphone OEM keep the device's software updated for more than a year. Even with a flagship phone, the software update -- and corresponding security patches -- are typically guaranteed for only 18 to 24 months. Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough.
This discussion has been archived. No new comments can be posted.

Motorola Confirms That It Will Not Commit To Monthly Security Patches

Comments Filter:
  • Easy... (Score:2, Insightful)

    by Anonymous Coward

    It's actually pretty easy to roll out regular patches, especially considering the upstream testing... ... unless you're adding a ton of vendor/carrier crapware. Testing and maintaining *that* might be an issue.

    Yet Motorola's solution is (apparently) not "DONT FUCKING DO THAT" but instead "don't bother with patching". Yay. Go team dumbass.

    • If we patch our OS, people can remain on it and be happy with their existing phones. If we leave them behind with a millstone around their neck, they'll upgrade. Profit.

  • by LichtSpektren ( 4201985 ) on Tuesday July 26, 2016 @02:38PM (#52584371)
    You specifically advertised the 2015 Moto E with the following line: "And while other smartphones in this category don't always support upgrades, we won't forget about you, and we'll make sure your Moto E stays up to date after you buy it."

    Then you stopped providing updates for it (of ANY kind) after 219 days.

    Fuck you, fuck you so hard. I've made it very clear to everybody I know that they should never, under any circumstances, buy any Motorola or Lenovo products.
    • by cdrudge ( 68377 )

      This is why I LOVE all my Nexus devices. Guaranteed minimum 2 years of Android version updates (major OS versions) along with a minimum of 3 years or 18 months after Google stops selling it for security updates.

    • Same with my Moto X 2014, it's stuck on the November 2015 security patch level

      I've had a Motorola Defy, a Moto G and a Moto X. No more Motorola's for me.

      My next phone will be a Nexus.

      • by tlhIngan ( 30335 )

        Why would anyone want a Motorola/Lenovo anyways? After all, they're dropping the headphone jack too...

        (Some "innovation" Apple. You got out-innovated by the competition over a rumor).

        • Only Moto Z, the thinnest phone in their lineup, is dropping the headphone jack. I am quite happy with my Moto X with a headphone jack.

      • by Hadlock ( 143607 )

        They finally pushed out a... June? 2016 security patch to my Moto X. I think this fixed the bug where the radio would get woken up from sleep mode, but not return to sleep when done, which ate up my battery like crazy. The Moto X was my first Non-Nexus phone in years... now I'm back with a Nexus 5x, at least Google patches their shit.

  • by bhcompy ( 1877290 ) on Tuesday July 26, 2016 @02:39PM (#52584375)
    This is what the ecosystem allows. You want to be open, that means that you're stuck with this, unless you can write the updates in ways that allows patching through the app store without affecting the vendor "customizations".

    Perhaps Google should rethink its strategy of how they offer software and encourage some type of buy-in on updates for support in the hardware and software dev process
    • Perhaps Google should rethink its strategy of how they offer software and encourage some type of buy-in on updates for support in the hardware and software dev process

      It's not Google's choice. Vendors want the ability to make customizations to the OS, to "add value". It's one of the reason why they accepted Android in the first place: the ability to control, customize, and bundle whatever they wanted.

      Moreover, while getting a vanilla AOSP up on your device isn't hard, making it stable and performant is most certainly not.

      • by macs4all ( 973270 ) on Tuesday July 26, 2016 @03:13PM (#52584773)

        It's not Google's choice. Vendors want the ability to make customizations to the OS, to "add value".

        Wrong! It IS Google's choice.

        I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone, too. It's just that Google COULDN'T CARE LESS about anything other than Datamining. Every Android install is nothing more to them than more Click-bait, more Datamining, more Privacy incursions.

        Google could end this RIGHT NOW. But they won't.

        Ever ask yourself why?

        • I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone,

          They sure did and Apple told them to suck it. That's why Android exists. It exists because carriers wanted control that Apple wouldn't allow them.

          It's just that Google COULDN'T CARE LESS about anything other than Datamining

          And, what's your point? Right, their Google Apps (which aren't part of Android) do the datamining. As long as the vendor includes those, which they are bound by contract to do, Google doesn't care ... beyond the fact that they want Android do have a good name so it can continue to be a vehicle for Google Apps.

          Google could end this RIGHT NOW. But they won't. Ever ask yourself why?

          I don't need to ask, I know.

          For starters, the vendors w

          • My take on the whole "we can't be bothered to patch or upgrade our phones" a complete line of bullshit. The fact that CM runs on so many devices kind of makes that case laughable. These are semi-pro volunteers at best who are able to manage to get the thing running on hardware, often without access the Manufacturer has to hardware level programming, and make (often) a better product than the manufacturer. If I were any one of these companies CEO, I would call it embarrassing.

            The second point is, they could

            • almost next to nothing

              It's fun to think you know more than the thousands of people who's jobs it is to manufacturer and ship software for devices. I mean really, if it was a matter of hiring one guy for a few months, common sense would lead you to believe they'd just do that vs. facing the bad press. Common sense would lead you to think that it's maybe more of an ordeal than armchair software developers like to claim.

              Well, I would invite you to talk with someone that actually does this sort of engineering. Getting AOSP up and ru

              • Every single change you made in the previous release needs to be ported to the new release and tested. And it's more likely than not that the files have changed and it's not simply applying a patch. If you are unlucky, the kernel changes and you need updated version of your drivers. Sometimes you don't even have the source for those so you need to go contract with chip maker or a 3rd party to rework the drivers.

                This is why you upstream everything and choose hardware with open-source drivers. If you have to apply proprietary in-house patches to get the latest AOSP running on your device, you're doing it wrong.

          • Every Android dist is customized to that specific hardware. Creating a performing, stable Android dist for even one hardware config is an massive task.

            That's an excuse an (I assume) you know it.

            I didn't mean that Google had to roll every single OEM implementation themselves; but they could still maintain control over the "overall experience" of the "brand" through OEM Licensing Agreements.

            Do you REALLY think that ANY OEM would want to Fork their own version of Android (which BTW, wouldn't be allowed to be called Android, nor use the familiar (if fugly) Logo)? No, they would cowtow to Google's new terms in a heartbeat.

            Same with the Carriers: Although

            • they could still maintain control over the "overall experience" of the "brand" through OEM Licensing Agreements.

              Well good, they already do that.

              It's not the brand, or the experience that's the problem. It's the nitty gritty development and testing and patching of the OS against each and every unique device they develop. Someone has to pay for that to happen.

              they can again use The Power Of The License to force the OEMs to strongarm the Carriers.

              The Android way is to provide options. If you want timely updates, pay $800 for a Samsung device. On the other end of the spectrum is the $99 Moto E. Pray for your updates. Your choice.Personally I'd rather have options than a world where Samsung was the only Andr

              • I'd rather have options than a world where Samsung was the only Android device manufacturer.

                ...and I might very well be right there with you, if Android wasn't such a Clusterfuck.

                It's SLOWLY getting better; but it's STILL not really serious about critical things like delivering Security Patches, and properly vetting Apps in the Play Store.

                • properly vetting Apps in the Play Store.

                  Apple's policies are too restrictive. Google's aren't restrictive enough. People will complain either way.

                  • properly vetting Apps in the Play Store.

                    Apple's policies are too restrictive. Google's aren't restrictive enough. People will complain either way.

                    It's a phone. Set your expectations accordingly.

                    I've got my MacBook Pro for when I want to go Midieval on something...

        • by AmiMoJo ( 196126 )

          That makes no sense. If all they wanted was to data mine they would be trying to make the best OS possible so that as many people as possible use it.

          Android got where it is by being open. If it was identical in every phone manufacturers wouldn't have wanted to touch it because there would be nothing to differentiate their product.

          Google's mistake was not ensuring they could patch everything from day one. They have mostly fixed that now with updates via Play. That's why we don't see vast botnets of phones wh

          • Android got where it is by being open.

            Typical Slashtard. Outside of this site, almost NO ONE cares that Android is "Open" (which it is actually NOT).

            Android got to where it is by being on every cheap-ass FREE handset around, PERIOD. FULL STOP.

            • by IAN ( 30 )

              Android got where it is by being open.

              Typical Slashtard. Outside of this site, almost NO ONE cares that Android is "Open" (which it is actually NOT).

              The phone manfacturers do, and for them it's enough that Android is more open than iOS (which it actually IS, for any reasonable definition of open).

              Android got to where it is by being on every cheap-ass FREE handset around, PERIOD. FULL STOP.

              So, pray tell, what made those cheap-ass handsets possible?

        • I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone, too. .... Ever ask yourself why?

          Nope. Even though it's a large organisation I wouldn't have thought Apple would be too keen to make customisations to Apple's own product.

          The only thing I ever ask myself is "Did he ever look up what vendor means before posting?"

        • It's not Google's choice. Vendors want the ability to make customizations to the OS, to "add value".

          Wrong! It IS Google's choice. I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone, too. It's just that Google COULDN'T CARE LESS about anything other than Datamining. Every Android install is nothing more to them than more Click-bait, more Datamining, more Privacy incursions. Google could end this RIGHT NOW. But they won't. Ever ask yourself why?

          No, it's not Google's choice. Android is FOSS which means anybody can make an Android phone. If macOS were FOSS, then anybody could sell a Hackintosh and not update it, and it would be the same thing.

          As far as I'm concerned, so long as Google's own products (Nexus/Pixels) get security updates, I'm not mad at them for what other people do. But if you're going to cry that Google is bad because they don't heavily restrict their OS, well, good luck with that: the reason I prefer Android is BECAUSE of the fre

          • No, it's not Google's choice. Android is FOSS

            From what I have read on this site, Android is "F/OSS" for very limited values of "F/OSS". IOW, it really ISN'T F/OSS in a PRACTICAL sense.

            • No, it's not Google's choice. Android is FOSS

              From what I have read on this site, Android is "F/OSS" for very limited values of "F/OSS". IOW, it really ISN'T F/OSS in a PRACTICAL sense.

              Sure it is. Anybody can package their own Android ROM and install it if they feel like it. Ask Psystar how that worked out for them and Hackintosh.

      • not Google's choice. Vendors want the ability to make customizations to the OS, to "add value". It's one of the reason why they accepted Android in the first place: the ability to control, customize, and bundle whatever they wanted.

        Windows manufacturers have been adding crap to the default installations for over two decades but users have always been able to get security updates from MS.

  • by emil ( 695 ) on Tuesday July 26, 2016 @02:39PM (#52584385)

    No exceptions. A phone is a critical communications device, and if the OEM won't supply critical upgrades, then they must allow others to do so.

    DMCA exceptions should be established, and vendors should not be allowed to sell phones within the U.S. without providing all required unlock keys into an escrow. Upon 6 months of patch inactivity, the keys go public.

    • by TheGratefulNet ( 143330 ) on Tuesday July 26, 2016 @02:47PM (#52584473)

      if we had ralph nader types working for us, it would be a law that any series of skipped or delayed security patches (some threshold in a row) would mandate that you unlock bootloaders and let people do the patching themselves.

      man, I wish we had people working FOR THE PEOPLE as our government. the fact that they sold all of us out and stopped caring, that's going to be part of our total demise as a nation. not the main part, but a huge part.

      there were short periods in time (sorry to say, usually under D control) where our congress and senate worked to make things better for regular people. I can't remember the last time this happened, though.

      too bad our lawmakers have no balls to stand up to the power of money and bribes and 'election campain money'.

      we surely deserve better than this.

      • While I agree with the sentiment, I reject your version of how to solve the problem.

        The correct way to handle this is via Class Action Lawsuit, against carrier and manufacture for selling a product that is unfit for use, and either force a recall or updates. We don't need an ill crafted law that is watered down by industry shills in the Republicrat Party.

        I can guarantee that your idea will work, but only temporarily until the legislation is watered down further or they find another way around the specifics

      • we surely deserve better than this.

        No we don't. Because we keep voting for the same "D"s an "R"s. EVERY. SINGLE. TIME.

    • hear hear!

    • Motorola let you unlock their phones.
      They have instructions on their website.

    • I thought there were already DMCA exception. Isn't that how Cynaogenmod, etc. function?

    • No exceptions. A phone is a critical communications device, and if the OEM won't supply critical upgrades, then they must allow others to do so.

      Which Motorola phones don't have unlockable bootloaders? I'd be surprised if PAYG phones from crapfone etc. did, to be fair. But aren't most moto phones unlockable?

  • by gweilo8888 ( 921799 ) on Tuesday July 26, 2016 @02:40PM (#52584391)
    It saddens me, as a one-time Motorolan myself, but when other vendors are perfectly capable of providing timely security updates, I'm not going to buy products from a company that willfully ignores its customers' security.

    If it is too much work, Motorola, then you fix that problem. You don't just pass the buck to the end user. If it is taking too long, that means you're adding too much bloated cruft to the OS. Get rid of it and do your job properly, or suffer the consequences of anyone who knows a little about security avoiding your products, and recommending friends, family and colleagues to do the same.
  • I really liked the price and specs of the G4+, and was seriously considering the 64 GB model. This news has tainted Motorola^w Lenovo handsets for me for the next few handset generations. I guess I'll wait the announcement of the new Nexis line next month. I hate the idea of no expandable memory, but if they can get me a 128Gig unit for a decent price, I'll be satisfied being able to store what I need until I get home and can transfer it to my file server.
    • I bought it for my son. It's a great phone. $249 for a 64GB / 4GB 1080p device with a SD card slot. Very close to stock Android. Still uses micro USB, and no NFC reader are the only downsides I can think of.

      • I don't care about it being microUSB, the question is how solid is the port. Is it the kind that breaks after a thousand cycles, or does it last and last?

      • by bjwest ( 14070 )
        Exactly the reason I was going to get one. That 'very close to stock Android' has me wondering why in hell they'll not be pushing out monthly security updates. Hell, I'd gladly take the data hit every month. It makes me wonder how long they'll even support it and if it will get Android 7, 8 and hopefully 9. My next phone will be my first outright purchased phone, and I hope to make it last at least five years. Not too long, IMHO, for a $300 phone.
    • but if they can get me a 128Gig unit for a decent price, I'll be satisfied being able to store what I need until I get home and can transfer it to my file server.

      WTF are you storing on your PHONE, FFS?!?

      • by bjwest ( 14070 )

        WTF are you storing on your PHONE, FFS?!?

        Umm.. Pictures just taken? It's always with me, unlike my DLSR.

      • It's a fucking COMPUTER. So, the same kind of things you would store on a desktop PC, or a NAS.
        There were consumer 120GB hard drives almost 15 years ago FFS.

        • It's a fucking COMPUTER. So, the same kind of things you would store on a desktop PC, or a NAS. There were consumer 120GB hard drives almost 15 years ago FFS.

          No. It's a PHONE with certain limited COMPUTER-LIKE functionality. It is no more a "computer" than your Playstation.

          • We were arguing about a Nexus phone, which I believe is a brand for phones that can be "rooted" without hacking or cracking.
            It's also about "phones" that can easily be compromised by malware, ads or attackers thus this slashdot story about a manufacturer providing insufficient security updates.
            I don't do constant security updates on my dumb phone or other "limited computer-like" devices.

  • by TheGratefulNet ( 143330 ) on Tuesday July 26, 2016 @02:44PM (#52584439)

    However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices.

    no one disagrees that it takes manpower to do full regression tests after patches. but the thing is, for most of the time you are NOT writing the patches, just integrating it!

    now, that aside, we all know that world labor is less than dirt-cheap. YOU HAVE NO EXCUSE TO AVOID GETTING THINGS DONE in this cheap-as-chips world labor market.

    fuck you. you claim you are poor? double fuck you for lying about it and we all can see that, too.

  • The vendor is only half the battle (well, one third). Now that google is putting out monthly updates, even users of handset makers that push them along monthly (Samsung) don't usually get the updates. The carrier is also involved. So unless all three, google, Samsung and, say, vodafone, all move the patches along, there is going to be a huge lag in getting these devices patched. Sooner or later, somebody isgoing to take good advantage of this hole. I can only hope it doesn't hurt too bad.

    It only makes

    • Again that's Google's fault. The carrier isn't involved in iOS updates. Why should the carrier be involved at all? My ISP doesn't have anything to do with when my computer receives updates. What's the difference?

      • As much as I am not a fanboi, this was where Jobs was really good. Ramming through entrenched interests to get what he wanted. Apple forced the carriers not to bundle crapware and repackage the OS, a side effect of that is that they can push their updates promptly. Google didn't and the carriers still hold the keys to the devices, to our detriment.

  • Don't forget that Motorola use the Six Sigma approach:

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    which is in opposition of the current trend of agility, where the focus is on delivering, while Six Sigma's focus is the process itself.

    Unless they don't use Six Sigma on their phones...

    • That's not really relevant.
      Motorola may have used Six Sigma. What does Lenovo do?

    • Don't forget that Motorola use the Six Sigma approach:

      That was back when Motorola was actually Motorola.

      I doubt that the Company-Formerly-Known-As-Motorola bears ANY resemblance whatsoever to the Mighty Motorola we all grew up with.
      br> Very sad, actually. They USED to be a very cool company. Now, they're nothing more than a Chinese Copy of a once-respectable Brand Name.

  • One of my colleagues swears up and down about developing unit tests and automated builds. If someone breaks something, then emails are sent out to the team saying "hey, this patch broke stuff, the code doesn't build right or test X fails".

    I know next to nothing about phone development, but if they are unable to update the OS code and run their software (and patches) against it in a reasonable time, then they seriously need to take a look at their dev process. Considering Apple, MS and Google do periodic
  • by purpledinoz ( 573045 ) on Tuesday July 26, 2016 @02:49PM (#52584501)
    In my view, this problem can only be solved by improving the Android OS itself. They need to carve out way more things out of the core OS and make them updateable through the Play Store. Microsoft manages to do this via Windows Updates, I don't see why Google can't figure it out. What makes things worse are carrier specific builds. Apple managed to do tell them to F off, Google should too.
    • by emil ( 695 ) on Tuesday July 26, 2016 @02:58PM (#52584585)

      According to wikipedia, Apple took this phone out behind the woodshed [wikipedia.org] in 2012.

      Any phone vendor who cuts support for a model should be REQUIRED to open the platform for 3rd-party maintenance. A phone is not a general purpose computer, and there should be special rules for it.

      • What are you talking about??

        The link you provided says Apple stopped selling it in 2012 (there were two later generations) because they couldn't provide the latest OS on the hardware. The very next sentence says that Apple provided the last OS update in 2014.

        2 years of patches is more than I expect when I buy a product that's not even last-gen anymore, and the manufacturer has announced an end to support.

      • by radish ( 98371 )

        Actually not entirely true. The 3GS runs iOS 6, which was most recently patched in April of 2014 to update FaceTime (for compatibility) and fix a security issue (GoToFail). I'm not aware of any significant security patch they've refused to port since then.

      • A phone is not a general purpose computer, and there should be special rules for it.

        You're right. And there are. It's called "Support has ended. Enjoy your product while it lasts."

        Your Microwave Oven doesn't get Open Sourced when it gets replaced with a newer model.

        Your DVD Player doesn't get Open Sourced when it gets replaced with a newer model.

        Your TV set doesn't get Open Sourced when it gets replaced with a newer model.

        Your A/V Receiver doesn't get Open Sourced when it gets replace with a newer model.

        Your Game Console doesn't get Open Sourced when it gets replaced with a newer

        • Let me know when you get your microwave patched to dial 911. I hope that works out for you.
          • Let me know when you get your microwave patched to dial 911. I hope that works out for you.

            If you are implying that a person with ONLY an iPhone 3 couldn't use it to dial 911 because it was stuck on iOS 4 (IIRC), I don't understand what your point is. An iPhone doesn't magically stop working just because there are no more OS Updates for it.

            If that sort of behavior was the case, there would be about 100 working Android handsets in the entire COUNTRY, because almost NONE of them are Supported, some not even when they are brand new...

            • by emil ( 695 )
              There were over a hundred WebKit security updates last year. How many made it to the iPhone 3? https://blogs.gnome.org/mcatan... [gnome.org]
              • There were over a hundred WebKit security updates last year. How many made it to the iPhone 3? https://blogs.gnome.org/mcatan... [gnome.org]

                I would imagine zero, which is to be expected for a phone discontinued in June, 2010. But they all made it to iPhone 4s, iPad 2 and above.

                Still an infinitely better Support record than every, or nearly every, Android device.

                • by emil ( 695 )
                  To reiterate, when a vendor abandons support for a critical communications device, all unlock codes should be divulged by legal requirement. That solves the problem for everybody.
    • Google should have created an OS architecture that allowed for it to push its own security updates while leaving the aesthetic aspects and third party apps of the phone vendors and carriers alone (unless they were fundamental to the security problem). This whole circus over Android updates would be a moot point if they would at least do that.
      • Google should have created an OS architecture that allowed for it to push its own security updates while leaving the aesthetic aspects and third party apps of the phone vendors and carriers alone (unless they were fundamental to the security problem).

        If there were a clear dividing line between "aesthetic aspects" and "things fundamental to the security problem", that might be feasible. The Android One project has actually tried to draw such a line, but none of the big OEMs are happy with where Google drew it. They want lots of control.

      • What you want is not possible in what is effectively an Open Source project.

    • I've always wondered why they never went with a Windows Update style system. It doesn't give a shit what you're running. As long as your stuff isn't poorly coded, you're not going to have issues. I must admit, though, .NET updates get pretty huge, but that's not something inherent to Windows Update itself. I also don't care for the newer iteration of Windows Update in 10, but that's another discussion entirely.
    • I don't see why Google can't figure it out

      (Android security team member here)

      It's not that Google doesn't know how to do that. It's that Google can't do that while also having a free and open source OS. Every piece that's moved out of the OS and into Play services is another piece that is no longer open. Moreover, if Google does too much of that sort of thing and removes the ability of OEMs to customize and differentiate their devices, they'll ignore Google completely, filling in the missing bits with their own code. Removing components from the

  • Windows PCs get updates pushed out by Microsoft. In the case of Android, shouldn't Google be in charge of pushing the updates?
    I think even Windows Phone updates are controlled by Microsoft even through OEM phones (if they had any left I mean).


    Can someone explain this to me?
    • Well, first off the subject really confused me. I thought the issue was someone not pushing out security updates even when none was required. Ie, like Microsoft's Tuesday updates make me wonder if they come out with pointless and unnecessary updates just so that they can have something every week, what do you do every month if you have no security patch to shove out?

      But reading the article it is *nothing* like that, the "monthly" thing is just a red herring. Basically they're not incorporating patches th

  • Cooking images on a per device basis is a crazy, unnecessary unmanageable nightmare that leads to precisely this outcome complete with vendors crying "it's too hard".

    There should be a single image that can be installed on anything it has drivers for like any normal operating system. This isn't a novel concept. Everyone knows what the solution is.

    No smartphone vendor has ever paid any price for their customers getting owned. There is no incentive to give a shit and every incentive to use this as leverage

    • I agree. Perhaps Google should try should offer "universal" Android distribution that supports the relevant drivers for all modern hardware to the OEMs, and then see what happens. At least, give an option to the Nexus device users to run it. I suspect there are several "pure hardware makers", like the Chinese company Oneplus, who'd love to get out of the business of creating and maintaining the ROMs, so the idea will take off at least with them.

  • "Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough."

    Publicly shaming?!? LOLWUT?

    How about they deny using the Android name or Logo to any company who doesn't whip their own engineering and their distribution chain (carriers) in line? That seems to work for every other "Brand" or "Standard" that has a marketable "identity".
  • My cousin's hubby is a phone engineer at motorola. He's busted his ass going back and forth to china, helping them create phones, helping teach them how to create phones. My cousin was pissed - he was gone so much. All he brought back was a cup from the local Starbuck's. Too much working to get a real present.

    And all for naught. I've heard nothing but meh or worse about these new phones. They've taken the Moto-ness out and put the corporate-ness in. Motorola is gone. And he's likely to need to polish his re

  • I'm on the Samsung Galaxy S5 with T-Mobile, and to my surprise, a few months ago it started receiving the monthly patches just a few days after my Nexus 7. I don't know what the hell got into Samsung or T-Mobile, but holyshit, I'm quite happy they're actively supporting a now two+ year old device with the latest security patches.

  • Someone that posts a link to a torrent site can become co-responsable for the copyright infrigements downstream.

    By the same logic, if a mobile phone is hacked and money disapears from the bank account due to that, then the phone manufacturer and operator are co-responsables for that hacking due to leaving the phone open to known vulnerabilities?

  • Google has a list of rules that an Android OEM has to follow if said OEM wants to be able to ship the Google Play Store, the Google Play Services middleware library and the other Google apps like GMail. Google could simply add terms to that agreement that require OEMs to provide security updates for their devices for a minimum amount of time after the device is released.

    OEMs might complain but (with the possible exception of Samsung who might be able to ditch Google and do its own thing) they all need the G

  • by QuietLagoon ( 813062 ) on Wednesday July 27, 2016 @07:55AM (#52588799)
    Google has lost control of the Android environment and, apparently, has little or no concern about the security of the devices using its operating system.

    .
    Unless google changes its stance on Android security, Android will not be patched regularly ... or secure to use.

Keep up the good work! But please don't ask me to help.

Working...